Change log for libyaml package in Ubuntu

libyaml (0.2.5-1) unstable; urgency=medium

  [ Debian Janitor ]
  * Use secure copyright file specification URI.
  * Set debhelper-compat version in Build-Depends.
  * Set upstream metadata fields: Bug-Database, Bug-Submit (from ./configure),
    Repository, Repository-Browse.
  * Drop transition for old debug package migration.
  * Update standards version to 4.6.0, no changes needed.

  [ Florian Ernst ]
  * [de63dcd] debian/watch: update as per latest uscan recommendations.
    This allows detecting new upstream releases again and also migrates
    to the actual upstream source tarballs not containing any pre-built
    stuff like documentation, saving a bunch of lintian errors/warnings.
  * [1b08058] New upstream version 0.2.5 (Closes: #987895)
  * [dfbe297] debian/copyright: update years according to most recent changes
  * [183f9d4] upgrade to recommended debhelper-compat (= 13)
    But ignore libtool library during installation and simplify debian/rules
  * [982974f] debian/rules: enable hardening=+all
  * [1f7cabe] debian/libyaml-0-2.symbols: add Build-Depends-Package
    meta-information
  * [1104826] debian/control: declare Rules-Requires-Root: no
  * [8f2e2e6] debian/tests/: add upstream tests as autopkgtest
  * [f5e5378] Add Salsa pipeline via debian/salsa-ci.yml file
  * [88cfa12] salvaging the package and moving to Debian group on Salsa
    (Closes: #1012344)
  * [da1b78b] debian/control: Standards-Version: 4.6.1.0 (no further changes
    required)

 -- Florian Ernst <email address hidden>  Wed, 06 Jul 2022 16:45:09 +0200

Available diffs

• diff from 0.2.2-1build2 (in ~ci-train-ppa-service/ubuntu/4815-deletedppa) to 0.2.5-1 (521.3 KiB)

libyaml (0.2.2-1build2) jammy; urgency=high

  * No change rebuild for ppc64el baseline bump.

 -- Julian Andres Klode <email address hidden>  Thu, 24 Mar 2022 17:15:57 +0100

Available diffs

• diff from 0.2.2-1build1 (in Ubuntu) to 0.2.2-1build2 (563 bytes)

libyaml (0.2.2-1build1) impish; urgency=medium

  * No-change rebuild to build packages with zstd compression.

 -- Matthias Klose <email address hidden>  Thu, 07 Oct 2021 12:20:07 +0200

Available diffs

• diff from 0.2.2-1 (in Debian) to 0.2.2-1build1 (325 bytes)

libyaml (0.2.2-1) unstable; urgency=medium

  * New upstream version 0.2.2.
  * Bump Standards-Version to 4.4.0 and Debhelper compat to 12.

 -- Anders Kaseorg <email address hidden>  Sat, 14 Sep 2019 19:50:18 -0700

Available diffs

• diff from 0.2.1-1 to 0.2.2-1 (41.4 KiB)

libyaml (0.2.1-1~build1) cosmic; urgency=medium

  * Upload to cosmic

 -- Gianfranco Costamagna <email address hidden>  Wed, 27 Jun 2018 10:17:49 +0200

Available diffs

• diff from 0.1.7-2ubuntu3 to 0.2.1-1~build1 (358.7 KiB)

libyaml (0.2.1-1) unstable; urgency=medium

  * New upstream version 0.2.1.
    + Moved canonical repo to GitHub.  (Closes: #865709)
  * Bump Standards-Version to 4.1.4 and debian/compat to 11.
    + Moved documentation in libyaml-doc from /usr/share/doc/libyaml-doc
      to /usr/share/doc/libyaml-dev.

 -- Anders Kaseorg <email address hidden>  Tue, 26 Jun 2018 20:25:08 -0400

Available diffs

• diff from 0.1.7-2ubuntu3 (in Ubuntu) to 0.2.1-1 (358.7 KiB)
• diff from 0.2.1-1~build1 (in Ubuntu) to 0.2.1-1 (310 bytes)

libyaml (0.1.7-2ubuntu3) artful; urgency=medium

  * Revert the testsuite fix patch, so this way this
    becomes a sync candidate in case Debian adopts it.
    - the haskell failing test is now disabled

 -- Gianfranco Costamagna <email address hidden>  Mon, 10 Jul 2017 16:11:05 +0200

Available diffs

• diff from 0.1.7-2ubuntu2 to 0.1.7-2ubuntu3 (1.8 KiB)

libyaml (0.1.7-2ubuntu2) artful; urgency=medium

  [ James Clarke ]
  * debian/patches/testsuite-fix.patch:
    - disable previous patch with a better one.

 -- Gianfranco Costamagna <email address hidden>  Thu, 29 Jun 2017 07:54:35 +0200

Available diffs

• diff from 0.1.7-2ubuntu1 to 0.1.7-2ubuntu2 (928 bytes)

libyaml (0.1.7-2ubuntu1) artful; urgency=medium

  * debian/patches/56400d976a1999156b1abfd674c3122843980260.patch:
    cherry-pick upstream fix for a testsuite failure.
  * Move watch and homepage to new github maintained repo.

 -- Gianfranco Costamagna <email address hidden>  Fri, 23 Jun 2017 18:29:36 +0200

Available diffs

• diff from 0.1.7-2 (in Debian) to 0.1.7-2ubuntu1 (1.4 KiB)

libyaml (0.1.7-2) unstable; urgency=medium

  * Clean doxygen-generated documentation with dh_doxygen.
  * Mark libyaml-doc Multi-Arch: foreign.
  * Add libyaml-0-2.symbols file.

 -- Anders Kaseorg <email address hidden>  Fri, 30 Sep 2016 22:06:09 -0400

Available diffs

• diff from 0.1.6-3 to 0.1.7-2 (206.1 KiB)

libyaml (0.1.4-2ubuntu0.12.04.4) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service via triggered assertion
    - debian/patches/CVE-2014-9130.patch: remove assertion
    - CVE-2014-9130
 -- Steve Beattie <email address hidden>   Thu, 08 Jan 2015 18:17:27 -0800

Available diffs

• diff from 0.1.4-2ubuntu0.12.04.3 to 0.1.4-2ubuntu0.12.04.4 (1.0 KiB)

libyaml (0.1.4-3ubuntu3.1) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via triggered assertion
    - debian/patches/CVE-2014-9130.patch: remove assertion
    - CVE-2014-9130
 -- Steve Beattie <email address hidden>   Thu, 08 Jan 2015 17:57:14 -0800

Available diffs

• diff from 0.1.4-3ubuntu3 (in Ubuntu) to 0.1.4-3ubuntu3.1 (1.0 KiB)

libyaml (0.1.6-1ubuntu0.1) utopic-security; urgency=medium

  * SECURITY UPDATE: denial of service via triggered assertion
    - debian/patches/CVE-2014-9130.patch: remove assertion
    - CVE-2014-9130
 -- Steve Beattie <email address hidden>   Thu, 08 Jan 2015 16:21:49 -0800

Available diffs

• diff from 0.1.6-1 (in Debian) to 0.1.6-1ubuntu0.1 (1.3 KiB)

libyaml (0.1.6-3) unstable; urgency=high


  * debian/patches/CVE-2014-9130.patch: Fix CVE-2014-9130 assertion
    failure caused by wrapped strings.  (Closes: #771366)
  * Bump Standards-Version to 3.9.6 (no changes needed).

 -- Anders Kaseorg <email address hidden>  Fri, 28 Nov 2014 22:05:10 -0500

Available diffs

• diff from 0.1.6-2 to 0.1.6-3 (1.2 KiB)

libyaml (0.1.6-2) unstable; urgency=medium


  * Move doxygen from Build-Depends to Build-Depends-Indep.

 -- Anders Kaseorg <email address hidden>  Tue, 19 Aug 2014 21:56:25 -0400

Available diffs

• diff from 0.1.6-1 to 0.1.6-2 (568 bytes)

libyaml (0.1.6-1) unstable; urgency=medium


  * New upstream version 0.1.6.
    + Fix CVE-2013-6393: heap-based buffer overflow when parsing YAML
      tags.
    + Fix CVE-2014-2525: heap-based buffer overflow in
      yaml_parser_scan_uri_escapes.
  * Drop upstreamed patches.
  * Run tests at build time.
  * Bump Standards-Version to 3.9.5 (no changes needed).
  * Use dh-autoreconf.  (Closes: #745078)
  * Use dh-buildinfo.
  * Add libyaml-doc package for Doxygen-generated API documentation and
    examples.  (Closes: #696821)
  * Acknowledge NMUs.

 -- Anders Kaseorg <email address hidden>  Tue, 19 Aug 2014 00:03:53 -0400

Available diffs

• diff from 0.1.4-3ubuntu3 (in Ubuntu) to 0.1.6-1 (234.3 KiB)

libyaml (0.1.4-3ubuntu3) trusty; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in yaml_parser_scan_uri_escapes
    - debian/patches/CVE-2014-2525.patch: properly handle memory in
      src/scanner.c, src/yaml_private.h.
    - CVE-2014-2525
 -- Marc Deslauriers <email address hidden>   Wed, 02 Apr 2014 11:38:05 -0400

Available diffs

• diff from 0.1.4-3ubuntu2 to 0.1.4-3ubuntu3 (1.1 KiB)

libyaml (0.1.4-2ubuntu0.12.04.3) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in yaml_parser_scan_uri_escapes
    - debian/patches/CVE-2014-2525.patch: properly handle memory in
      src/scanner.c, src/yaml_private.h.
    - CVE-2014-2525
 -- Marc Deslauriers <email address hidden>   Wed, 02 Apr 2014 11:44:25 -0400

Available diffs

• diff from 0.1.4-2ubuntu0.12.04.2 to 0.1.4-2ubuntu0.12.04.3 (1.2 KiB)

libyaml (0.1.4-2ubuntu0.13.10.3) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in yaml_parser_scan_uri_escapes
    - debian/patches/CVE-2014-2525.patch: properly handle memory in
      src/scanner.c, src/yaml_private.h.
    - CVE-2014-2525
 -- Marc Deslauriers <email address hidden>   Wed, 02 Apr 2014 11:43:27 -0400

Available diffs

• diff from 0.1.4-2ubuntu0.13.10.2 to 0.1.4-2ubuntu0.13.10.3 (1.2 KiB)

libyaml (0.1.4-2ubuntu0.12.10.3) quantal-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    heap overflow in yaml_parser_scan_uri_escapes
    - debian/patches/CVE-2014-2525.patch: properly handle memory in
      src/scanner.c, src/yaml_private.h.
    - CVE-2014-2525
 -- Marc Deslauriers <email address hidden>   Wed, 02 Apr 2014 11:43:57 -0400

Available diffs

• diff from 0.1.4-2ubuntu0.12.10.2 to 0.1.4-2ubuntu0.12.10.3 (1.2 KiB)

libyaml (0.1.4-3ubuntu2) trusty; urgency=medium

  * SECURITY REGRESSION: parsing regression in security update
    (LP: #1279805)
    - debian/patches/CVE-2013-6393.patch: use upstream commits from 0.1.5.
    - debian/patches/libyaml-string-overflow.patch: removed
    - debian/patches/libyaml-node-id-hardening.patch: removed
    - debian/patches/libyaml-indent-column-overflow-v2.patch: removed
 -- Marc Deslauriers <email address hidden>   Thu, 13 Feb 2014 09:02:35 -0500

Available diffs

• diff from 0.1.4-3ubuntu1 to 0.1.4-3ubuntu2 (4.5 KiB)

libyaml (0.1.4-2ubuntu0.12.10.2) quantal-security; urgency=medium

  * SECURITY REGRESSION: parsing regression in security update
    (LP: #1279805)
    - debian/patches/CVE-2013-6393.patch: updated to use upstream commits
      from 0.1.5.
 -- Marc Deslauriers <email address hidden>   Thu, 13 Feb 2014 08:39:51 -0500

Available diffs

• diff from 0.1.4-2ubuntu0.12.10.1 to 0.1.4-2ubuntu0.12.10.2 (3.2 KiB)

libyaml (0.1.4-2ubuntu0.13.10.2) saucy-security; urgency=medium

  * SECURITY REGRESSION: parsing regression in security update
    (LP: #1279805)
    - debian/patches/CVE-2013-6393.patch: updated to use upstream commits
      from 0.1.5.
 -- Marc Deslauriers <email address hidden>   Thu, 13 Feb 2014 08:32:45 -0500

Available diffs

• diff from 0.1.4-2ubuntu0.13.10.1 to 0.1.4-2ubuntu0.13.10.2 (3.2 KiB)

libyaml (0.1.4-2ubuntu0.12.04.2) precise-security; urgency=medium

  * SECURITY REGRESSION: parsing regression in security update
    (LP: #1279805)
    - debian/patches/CVE-2013-6393.patch: updated to use upstream commits
      from 0.1.5.
 -- Marc Deslauriers <email address hidden>   Thu, 13 Feb 2014 08:40:49 -0500

Available diffs

• diff from 0.1.4-2ubuntu0.12.04.1 to 0.1.4-2ubuntu0.12.04.2 (3.2 KiB)

libyaml (0.1.4-3ubuntu1) trusty; urgency=medium

  * Merge from Debian. Remaining changes:
    - debian/{rules,control}: build-depend on dh-autoreconf and use it.

Available diffs

• diff from 0.1.4-2ubuntu1 to 0.1.4-3ubuntu1 (3.0 KiB)

libyaml (0.1.4-2ubuntu0.12.10.1) quantal-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    large yaml documents
    - debian/patches/CVE-2013-6393.patch: fix integer overflows in
      src/scanner.c, src/api.c.
    - CVE-2013-6393
 -- Marc Deslauriers <email address hidden>   Fri, 31 Jan 2014 13:08:05 -0500

Available diffs

• diff from 0.1.4-2build1 (in Ubuntu) to 0.1.4-2ubuntu0.12.10.1 (2.1 KiB)

libyaml (0.1.4-2ubuntu0.12.04.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    large yaml documents
    - debian/patches/CVE-2013-6393.patch: fix integer overflows in
      src/scanner.c, src/api.c.
    - CVE-2013-6393
 -- Marc Deslauriers <email address hidden>   Fri, 31 Jan 2014 13:09:02 -0500

Available diffs

• diff from 0.1.4-2 (in Debian) to 0.1.4-2ubuntu0.12.04.1 (2.1 KiB)

libyaml (0.1.4-2ubuntu0.13.10.1) saucy-security; urgency=medium

  * SECURITY UPDATE: denial of service and possible code execution via
    large yaml documents
    - debian/patches/CVE-2013-6393.patch: fix integer overflows in
      src/scanner.c, src/api.c.
    - CVE-2013-6393
 -- Marc Deslauriers <email address hidden>   Fri, 31 Jan 2014 13:04:30 -0500

Available diffs

• diff from 0.1.4-2build1 (in Ubuntu) to 0.1.4-2ubuntu0.13.10.1 (2.1 KiB)

libyaml (0.1.4-2ubuntu1) trusty; urgency=low

  * debian/{rules,control}: build-depend on dh-autoreconf and use it.
 -- Adam Conrad <email address hidden>   Thu, 12 Dec 2013 01:29:25 -0700

Available diffs

• diff from 0.1.4-2build1 to 0.1.4-2ubuntu1 (794 bytes)

libyaml (0.1.4-2build1) quantal; urgency=low

  * Rebuild for new armel compiler default of ARMv5t.
 -- Colin Watson <email address hidden>   Fri, 05 Oct 2012 10:49:29 +0100

Available diffs

• diff from 0.1.4-2 (in Debian) to 0.1.4-2build1 (350 bytes)

libyaml (0.1.4-2) unstable; urgency=low


  * Remove extra libyaml-0.so symlink from libyaml-dev.
  * Bump Debhelper compat level to 9.
  * Support multiarch.  (Closes: #653748) (LP: #905630)
  * Use 3.0 (quilt) source format.

 -- Anders Kaseorg <email address hidden>  Fri, 30 Dec 2011 17:14:52 -0500

Available diffs

• diff from 0.1.4-1 (in Ubuntu) to 0.1.4-2 (1.5 KiB)

libyaml (0.1.4-1) unstable; urgency=low

  * New upstream version 0.1.4.
    + Fixed a bug that prevented an empty mapping being used as a simple
      key.
    + Fixed pointer overflow when calculating the position of a potential
      simple key.
    + Added pkg-config support.  (Closes: #537834)
  * Remove unneded libyaml.la file.  (Closes: #622452)
  * Add libyaml-0-2-dbg package with debugging symbols.
    (Closes: #592747)
  * Bumped standards version to 3.9.2 without further change
 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  03 Jun 2011 10:24:33 +0000

Available diffs

• diff from 0.1.3-1 to 0.1.4-1 (214.4 KiB)

libyaml (0.1.3-1) unstable; urgency=low

  * New upstream version 0.1.3.
    + This release fixes non-standard structure initialization and a
      streaming-related issue.
  * Bump priority from extra to optional.
 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  14 Dec 2009 18:46:23 +0000

Available diffs

• diff from 0.1.2-1 to 0.1.3-1 (90.9 KiB)

libyaml (0.1.2-1) unstable; urgency=low

  * New upstream version 0.1.2.
    + Fixed grammar in error messages (from YAML::XS::LibYAML).
    + Rewritten whitespace detection in the scalar analyzer and block
      scalar writers (ported from PyYAML).
    + Fixed emitting folded scalars with trailing breaks; Forced emitting
      of a document end indicator when there is a possibility of ambiguous
      parsing.

 -- Scott Kitterman <email address hidden>   Thu,  08 Jan 2009 05:55:39 +0000

Available diffs

• diff from 0.1.1-1 to 0.1.2-1 (499.0 KiB)

libyaml (0.1.1-1~hardy1) hardy-backports; urgency=low

  * Automated backport upload; no source changes.

 -- Evan Broder <email address hidden>   Wed, 07 Jan 2009 15:21:09 +0000

Available diffs

• diff from 0.1.1-1 to 0.1.1-1~hardy1 (293 bytes)

libyaml (0.1.1-1) unstable; urgency=low

  * Initial release (Closes: #484381).

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  26 Jun 2008 09:22:52 +0100